const express = require('express')
const app = express()

const whiteList = ['http://localhost:3000']

app.use(function (req, res, next) {
  const origin = req.headers.origin
  if (whiteList.includes(origin)) {
    res.setHeader('Access-Control-Allow-Origin', origin)
    res.setHeader('Access-Control-Allow-Methods', 'PUT, POST, DELETE')
    res.setHeader('Access-Control-Allow-Credentials', true)
    if (req.method === 'OPTIONS')
      res.end()   //  OPTIONS 请求不做任何处理
  }
  next()
})
